User Authentication in Flask
Introduction
This article explains how to integrate Flask-Login for user authentication and manage user sessions, including login and logout functionalities.
Step 1: Installing Flask-Login
First, install Flask-Login using pip:
pip install flask flask-login flask-sqlalchemy
Step 2: Setting Up Flask and Database
Set up your Flask application and configure SQLAlchemy:
from flask import Flask, render_template, redirect, url_for, request, flash
from flask_sqlalchemy import SQLAlchemy
from flask_login import LoginManager, UserMixin, login_user, login_required, logout_user, current_user
app = Flask(__name__)
app.config['SECRET_KEY'] = 'your_secret_key'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///users.db'
db = SQLAlchemy(app)
login_manager = LoginManager(app)
login_manager.login_view = 'login'
Step 3: Creating the User Model
Define a User model that inherits from UserMixin:
class User(db.Model, UserMixin):
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(150), unique=True, nullable=False)
password = db.Column(db.String(150), nullable=False)
Create the database:
db.create_all()
Step 4: Loading Users
Define a user loader function for Flask-Login:
@login_manager.user_loader
def load_user(user_id):
return User.query.get(int(user_id))
Step 5: Setting Up the Registration Route
Create a route for user registration:
@app.route('/register', methods=['GET', 'POST'])
def register():
if request.method == 'POST':
username = request.form.get('username')
password = request.form.get('password')
user = User(username=username, password=password)
db.session.add(user)
db.session.commit()
flash('Account created successfully!')
return redirect(url_for('login'))
return '''
<form method="POST">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<button type="submit">Register</button>
</form>
'''
Step 6: Setting Up the Login Route
Create a route for user login:
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
username = request.form.get('username')
password = request.form.get('password')
user = User.query.filter_by(username=username).first()
if user and user.password == password:
login_user(user)
flash('Login successful!')
return redirect(url_for('dashboard'))
else:
flash('Invalid username or password')
return '''
<form method="POST">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<button type="submit">Login</button>
</form>
'''
Step 7: Creating the Dashboard Route
Create a protected route for logged-in users:
@app.route('/dashboard')
@login_required
def dashboard():
return f'Welcome, {current_user.username}!'
Step 8: Setting Up the Logout Route
Create a route for user logout:
@app.route('/logout')
@login_required
def logout():
logout_user()
flash('You have been logged out.')
return redirect(url_for('login'))
Conclusion
This guide demonstrates how to integrate Flask-Login into a Flask application for user authentication, including user sessions for login and logout. Customize the registration and login templates as needed for your project.